Message-ID: <1342677832.2626.3839.camel@edumazet-glaptop>
Date:	Thu, 19 Jul 2012 08:03:52 +0200
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Huang Qiang <h.huangqiang@...wei.com>
Cc:	David Miller <davem@...emloft.net>, glommer@...allels.com,
	netdev@...r.kernel.org, containers@...ts.linux-foundation.org,
	yangzhenzhang@...wei.com
Subject: Re: [PATCH net-next] netns: correctly use per-netns ipv4
 sysctl_tcp_mem

On Thu, 2012-07-19 at 13:38 +0800, Huang Qiang wrote:
> From: Yang Zhenzhang <yangzhenzhang@...wei.com>
> 
> Now, kernel allows each net namespace to independently set up its levels
> for tcp memory pressure thresholds.
> 
> But it seems there is a bug, as using the following steps:
> 
> [root@...t socket]# lxc-start -n test -f config /bin/bash
> [root@...-test socket]# ip route add default via 192.168.58.2
> [root@...-test socket]# echo 0 0 0 > /proc/sys/net/ipv4/tcp_mem
> [root@...-test socket]# scp root@....168.58.174:/home/tcp_mem_test .
> 
> and it still can transport the "tcp_mem_test" file which we hope it
> would not.
> 
> It's because inet_init() (net/ipv4/af_inet.c) initializes the tcp_prot.sysctl_mem:
> tcp_prot.sysctl_mem = init_net.ipv4.sysctl_tcp_mem;
> 
> So when the protocol is TCP, sk->sk_prot->sysctl_mem (following code)
> always uses the ipv4 sysctl_tcp_mem of init_net namespace rather than
> its own net namespace.
> This patch simply sets "prot" equal to net->ipv4.sysctl_tcp_mem when
> the protocol type is TCP.
> 
> Signed-off-by: Yang Zhenzhang <yangzhenzhang@...wei.com>
> Signed-off-by: Huang Qiang <h.huangqiang@...wei.com>
> ---
>  include/net/sock.h |   24 ++++++++++++++++--------
>  1 files changed, 16 insertions(+), 8 deletions(-)
> 
> diff --git a/include/net/sock.h b/include/net/sock.h
> index 88de092..61f4363 100644
> --- a/include/net/sock.h
> +++ b/include/net/sock.h
> @@ -59,6 +59,7 @@
>  #include <linux/static_key.h>
>  #include <linux/aio.h>
>  #include <linux/sched.h>
> +#include <linux/in.h>
> 
>  #include <linux/filter.h>
>  #include <linux/rculist_nulls.h>
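Review bot: the added #include <linux/in.h> in include/net/sock.h looks like it is there only for the IPPROTO_TCP constant used by the relocated sk_prot_mem_limits(), and the changelog does not say so. sock.h is included very widely, so either state the reason in the changelog or keep the TCP-specific test out of this generic header.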
> @@ -1064,14 +1065,6 @@ static inline void sk_enter_memory_pressure(struct sock *sk)
>  	sk->sk_prot->enter_memory_pressure(sk);
>  }
> 
> -static inline long sk_prot_mem_limits(const struct sock *sk, int index)
> -{
> -	long *prot = sk->sk_prot->sysctl_mem;
> -	if (mem_cgroup_sockets_enabled && sk->sk_cgrp)
> -		prot = sk->sk_cgrp->sysctl_mem;
> -	return prot[index];
> -}
> -
>  static inline void memcg_memory_allocated_add(struct cg_proto *prot,
>  					      unsigned long amt,
>  					      int *parent_status)
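Review bot: sk_prot_mem_limits() is deleted here and re-added after sk_change_net() with a different body, but the changelog never mentions the move. Say why it has to move (presumably because the new body calls sock_net(sk)) so the relocation is not read as unrelated churn.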
> @@ -2155,6 +2148,21 @@ static inline void sk_change_net(struct sock *sk, struct net *net)
>  	sock_net_set(sk, hold_net(net));
>  }
> 
> +static inline long sk_prot_mem_limits(const struct sock *sk, int index)
> +{
> +	long *prot = sk->sk_prot->sysctl_mem;
> +
> +	if (sk->sk_protocol == IPPROTO_TCP) {
> +		struct net *net = sock_net(sk);
> +		prot = net->ipv4.sysctl_tcp_mem;
> +	}
> +

	if (sk->sk_protocol == IPPROTO_TCP)
		prot = sock_net(sk)->ipv4.sysctl_tcp_mem;

> +	if (mem_cgroup_sockets_enabled && sk->sk_cgrp)
> +		prot = sk->sk_cgrp->sysctl_mem;
> +
> +	return prot[index];
> +}
> +
>  static inline struct sock *skb_steal_sock(struct sk_buff *skb)
>  {
>  	if (skb->sk) {
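Review bot: the sk->sk_protocol == IPPROTO_TCP special case in the new sk_prot_mem_limits() has no comment, and it makes a generic sock helper silently ignore sk->sk_prot->sysctl_mem for TCP while, per the changelog, inet_init() still points tcp_prot.sysctl_mem at init_net.ipv4.sysctl_tcp_mem. Add a comment explaining that TCP limits are per network namespace, and either drop or document the now-bypassed init_net assignment so a later reader does not assume it is the effective limit inside a container. The order of the two if blocks also means sk->sk_cgrp->sysctl_mem overrides the per-netns value whenever mem_cgroup_sockets_enabled and sk_cgrp are set; that precedence should be stated in the comment or the changelog, since the reproduction in the changelog only exercises the namespace case.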

